Facebook, Twitter Spam Stopped by Start-Up

Palo Alto, Calif.-based Impermium is helping rid the Web of pesky social spam.

Olivia Oran

NEW YORK (TheStreet) -- As social networking sites like Facebook and Twitter explode in size, they're increasingly being targeted by a new enemy: spammers.

Rather than spreading spam through e-mail, criminals are now turning to social networks where they can launch sophisticated attacks against users that appear to come from trusted friends and family.

Enter Impermium, a Palo Alto, Calif.-based start-up trying to curb so-called "social spam" like fraudulent registrations, fake following and friending schemes and account takeovers. Launched in 2010 by three former Yahoo!(:YHOO) execs, including the company's "spam czar" Mark Risher, Impermium is working with around two dozen clients, including large Internet portals, micro blogging sites, dating sites and large commenting platforms.

The company has also raised $9 million from top tier venture firms including Accel Partners, Highland Capital Partners and Greylock Partners.

"E-mail is saturated and everyone has gradually built up a healthy degree of skepticism about e-mail messages, but what is more innocent sounding than a Tweet that says 'here's a photo someone took of you, click here to find more'?'" Risher said.

A recent study by Barracuda Labs found that 90% of Internet users have received spam on a social network and one in four have received a virus or malware on a site such as Facebook or MySpace.

Spammers on these networks create fake accounts so they can "friend" users and then post links on their profiles containing malware or viruses. The bad link then spreads once other users click through. Some of these links contain offers for items like a free iPad or restaurant gift cards.

Facebook, in particular, took a hit last November when its network was flooded with a pornographic spam attack.

While Facebook says only 4% of its content shared by members is spammy, the site nonetheless recognizes its dangers. The site identified spam as an ongoing business issue that could impact its operations and reputation in its S-1 filing and nearly a third of the social network's employees are engaged in fighting spam, the company has said.

Twitter, meanwhile, has increased its number of "spam science" programmers to five, up from two last year, the microblogging site told the Wall Street Journal last month.

Startup-sized companies can spend up to 60 hours per week controlling user fraud and abuse, according to Impermium, as the implications of social spam are far reaching.

Online advertising networks may decide they don't want run their ads on particular sites filled with spam, Risher said. These sites may also take a hit on Google's(:GOOG) organic page rankings, which punishes links that contain comment spam.

Social spam has the potential to be more dangerous than traditional e-mail spam, said Stephen Cobb, a security researcher with IT security company ESET.

"If people keep falling for social spam, we're going to see more of it and it will be used for increasingly nefarious purposes," he said. "If I want to run an online baiting scam and I can get a 10% open rate through social media versus 1% through e-mail I'm going to go down that road."

And as Internet users place more and more of their personal information online, the data that social spammers can steal becomes even more desirable.

"Facebook has got the world's biggest target painted on its back," said Chester Wisniewski, an advisor at security firm Sophos. "You've got a goldmine of information there if you find a way to exploit it."